42Crunch Launches New REST API Static Security Testing Extension for Azure Pipelines

Enables Azure DevOps customers to extend their DevSecOps practices to REST APIs

IRVINE, CA, MARCH 18, 2020— Today, the API security leader and creator of REST API
DevSecOps tooling and the industry’s first API Firewall, 42Crunch, announced the launch of
their new REST API Static Security Testing extension for Microsoft Azure Pipelines. This
extension enables companies to easily enforce secure API design right from their CI/CD

With REST API proliferation and REST APIs becoming one of the top attack vectors, ensuring
that all APIs that a company develops and hosts are secure by design can be a problem. And
with CI/CD, any new API or any modification to existing APIs that developers add can get
pushed to production without proper checks on security. Up until now, there has been no
extension in the Azure marketplace that would have been specifically geared for the static
analysis of REST API security.

The new 42Crunch extension for Microsoft Azure Pipelines allows companies to add REST API
static security testing (SAST) right into their CI/CD pipeline. The benefits include:
Reduced risk of breach: Locate API contract files in the repository and run 200+
security checks covering OpenAPI standard requirements, authentication, authorization,
and both incoming and outgoing data validation. This makes sure that no new or
changed API can pass the test and get deployed to production if it does not meet your
security standards.
Reduced fixing costs: Find and report security flaws at each pipeline run, providing
immediate feedback to R&D.
Increased R&D efficiency: 42Crunch API Contract Security Audit does not give false
positives. Every issue reported is worth looking into. Issues are prioritized by impact, so
developers know where to start. Every issue comes with a detailed knowledge base
article explaining the issue, its severity, exploit scenario, and ways to fix it.

“Modern software development trends, such as cloud-native architectures, microservices, and
serverless, have led to companies spinning up hundreds or even thousands of APIs,” says
Jacques Declas, the CEO and founder of 42Crunch. “Agile processes and DevOps lead to new
APIs being developed and existing APIs getting changed every day. No manual policies or
checks can ensure that they are all securely designed and follow all the modern API security
best practices. Today, 42Crunch is releasing an off-the-shelf API security extension for Azure

DevOps to allow Azure Pipelines customers to automatically discover APIs built by their
pipelines, and ensure that these APIs are secure by design.”

“DevSecOps has become the way for teams to stay agile and deliver business value while
maintaining a high level of systems security,” says Steven Murawski, Cloud Advocate at
Microsoft. “While Azure Pipelines already had security testing extensions for various parts of the
application stack, there had been a glaring gap of the one specifically designed for REST APIs.
We are happy to see 42Crunch bridge that gap with their solution.”
Now, any registered 42Crunch user who is also a user of Azure DevOps pipeline, can extend
the pipeline with the 42Crunch REST API Security Audit Static Analysis extension:
Last year, 42Crunch launched an OpenAPI (Swagger) Editor for VS Codeas part of an overall
strategy to simplify and automate API security. The extension has been well received with a 5
star rating, and more than 47,000 installs. You can download it for free here:
42Crunch has also recently launched freemium model with free self-service registration at
REST API Security by Design with Azure Pipelines
Join Microsoft and 42Crunch for a live webinar Wednesday March 25th at 8am PST / 11am EST
for a deep dive into a shift-left security approach using OpenAPI, Azure Pipelines, and

About 42Crunch
42Crunch bridges the gap between API development and security teams with a simple,
automated platform that provides auditing, live endpoint scanning, and micro API firewall
protection. Unlike other solutions on the market, 42Crunch Platform empowers development,
security, and operations teams with a set of integrated tools to easily build security into the
foundation of the API, and enforce those policies throughout the API lifecycle. By delivering
security as code, you enable a seamless DevSecOps experience, allowing innovation at the
speed of business without sacrificing integrity. Visit
​ ​https://42crunch.comto learn more.
Visit our online community
​ ​https://APIsecurity.io.